1997-10-09 - Re: Secure phone

Header Data

From: “Carl M. Ellison” <cme@acm.org>
To: Eric Blossom <eb@comsec.com>
Message Hash: 9969f23aaacc20349e8a17442b8112c4c1fa818d49de336b96a28b3cf16697b1
Message ID: <v0300780cb062157a72d1@[168.143.8.144]>
Reply To: <3.0.3.32.19971007102724.00a499c0@labg30>
UTC Datetime: 1997-10-09 04:10:47 UTC
Raw Date: Thu, 9 Oct 1997 12:10:47 +0800

Raw message

From: "Carl M. Ellison" <cme@acm.org>
Date: Thu, 9 Oct 1997 12:10:47 +0800
To: Eric Blossom <eb@comsec.com>
Subject: Re: Secure phone
In-Reply-To: <3.0.3.32.19971007102724.00a499c0@labg30>
Message-ID: <v0300780cb062157a72d1@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain



Eric,

	I think you can make a stronger statement.

	With your phone, once you exchange the hash you have good assurance
that you have a private conversation with the person whose voice you hear.

	How you determine that that is the person you think it is/should be
is a different problem.

	As for proving lack of an eavesdropper, you would also need to
establish that the person's earpiece wasn't bugged, the person didn't
record the conversation to hand to someone else, ....

	For my purposes, the authentication is secure enough that I'm very
pleased.  The voice quality is good enough that I can recognize friends --
and if I'm calling a stranger, then the MITM is a moot point.  That is, if
I'm calling a stranger named Bob, there is no way for me to tell the
difference between:

	Carl -- Eve -- Bob
and
	Carl -- Bob -- Eve

since both Bob and Eve are strangers to me and I don't know Bob well enough
to rule out case 2.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+

Thread

• Return to October 1997

• Return to “Adam Back <aba@dcs.ex.ac.uk>”
• Return to “Bill Frantz <frantz@netcom.com>”
• Return to “Bill Stewart <stewarts@ix.netcom.com>”
• Return to ““Carl M. Ellison” <cme@acm.org>”
• Return to “Eric Blossom <eb@comsec.com>”
• Return to “John Deters <jad@dsddhc.com>”

• Return to “The Spook <ts@dev.null>”

• Unknown thread root
  • 1997-10-02 (Fri, 3 Oct 1997 05:20:26 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
    • 1997-10-03 (Sat, 4 Oct 1997 07:52:34 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
      • 1997-10-06 (Mon, 6 Oct 1997 16:08:02 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
        • 1997-10-06 (Tue, 7 Oct 1997 04:02:19 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
          • 1997-10-06 (Tue, 7 Oct 1997 05:55:29 +0800) - using PGP email to authenticate Eric’s Secure phone - Adam Back <aba@dcs.ex.ac.uk>
        • 1997-10-07 (Tue, 7 Oct 1997 23:36:21 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
          • 1997-10-07 (Wed, 8 Oct 1997 04:06:54 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
          • 1997-10-08 (Thu, 9 Oct 1997 02:34:10 +0800) - Re: Secure phone - John Deters <jad@dsddhc.com>
            • 1997-10-08 (Thu, 9 Oct 1997 06:55:21 +0800) - computationally infeasible jobs for MITMs (Re: Secure phone) - Adam Back <aba@dcs.ex.ac.uk>
            • 1997-10-09 (Thu, 9 Oct 1997 11:08:36 +0800) - Re: computationally infeasible jobs for MITMs (Re: Secure phone) - John Deters <jad@dsddhc.com>
            • 1997-10-10 (Fri, 10 Oct 1997 15:14:29 +0800) - Re: computationally infeasible jobs for MITMs (Re: Secure phone) - Bill Stewart <stewarts@ix.netcom.com>
              • 1997-10-10 (Fri, 10 Oct 1997 20:24:57 +0800) - authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
              • 1997-10-10 (Fri, 10 Oct 1997 23:12:56 +0800) - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - John Deters <jad@dsddhc.com>
                • 1997-10-10 (Sat, 11 Oct 1997 01:21:13 +0800) - secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
                  • 1997-10-10 (Sat, 11 Oct 1997 05:25:51 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Eric Blossom <eb@comsec.com>
                    • 1997-10-10 (Sat, 11 Oct 1997 07:40:56 +0800) - Re: secure phone on a PCI card? (Re: authentication suggestion for secure phone) computationally infeasible jobs for MITMs) - Adam Back <aba@dcs.ex.ac.uk>
              • 1997-10-10 (Sat, 11 Oct 1997 00:02:15 +0800) - Re: authentication suggestion for secure phone (Re: computationally infeasible jobs for MITMs) - The Spook <ts@dev.null>
          • 1997-10-09 (Thu, 9 Oct 1997 12:10:47 +0800) - Re: Secure phone - “Carl M. Ellison” <cme@acm.org>
      • 1997-10-06 (Tue, 7 Oct 1997 00:40:13 +0800) - Re: Secure phone - Bill Frantz <frantz@netcom.com>
        • 1997-10-06 (Tue, 7 Oct 1997 02:23:45 +0800) - Re: Secure phone - Adam Back <aba@dcs.ex.ac.uk>
          • 1997-10-06 (Tue, 7 Oct 1997 03:57:55 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
          • 1997-10-06 (Tue, 7 Oct 1997 04:02:35 +0800) - Re: Secure phone - Eric Blossom <eb@comsec.com>
        • 1997-10-07 (Tue, 7 Oct 1997 14:52:45 +0800) - Re: Secure phone - Bill Frantz <frantz@netcom.com>